Zhipeng He , Chun Ouyang , Laith Alzubaidi , Alistair Barros , Catarina Moreira
{"title":"Investigating imperceptibility of adversarial attacks on tabular data: An empirical analysis","authors":"Zhipeng He , Chun Ouyang , Laith Alzubaidi , Alistair Barros , Catarina Moreira","doi":"10.1016/j.iswa.2024.200461","DOIUrl":null,"url":null,"abstract":"<div><div>Adversarial attacks are a potential threat to machine learning models by causing incorrect predictions through imperceptible perturbations to the input data. While these attacks have been extensively studied in unstructured data like images, applying them to structured data, such as tabular data, presents new challenges. These challenges arise from the inherent heterogeneity and complex feature interdependencies in tabular data, which differ from the characteristics of image data. To account for this distinction, it is necessary to establish tailored imperceptibility criteria specific to tabular data. However, there is currently a lack of standardised metrics for assessing the imperceptibility of adversarial attacks on tabular data.</div><div>To address this gap, we propose a set of key properties and corresponding metrics designed to comprehensively characterise imperceptible adversarial attacks on tabular data. These are: <em>proximity</em> to the original input, <em>sparsity</em> of altered features, <em>deviation</em> from the original data distribution, <em>sensitivity</em> in perturbing features with narrow distribution, <em>immutability</em> of certain features that should remain unchanged, <em>feasibility</em> of specific feature values that should not go beyond valid practical ranges, and <em>feature interdependencies</em> capturing complex relationships between data attributes.</div><div>We evaluate the imperceptibility of five adversarial attacks, including both bounded attacks and unbounded attacks, on tabular data using the proposed imperceptibility metrics. The results reveal a <em>trade-off</em> between the imperceptibility and effectiveness of these attacks. The study also identifies limitations in current attack algorithms, offering insights that can guide future research in the area. The findings gained from this empirical analysis provide valuable direction for enhancing the design of adversarial attack algorithms, thereby advancing adversarial machine learning on tabular data.</div></div>","PeriodicalId":100684,"journal":{"name":"Intelligent Systems with Applications","volume":"25 ","pages":"Article 200461"},"PeriodicalIF":0.0000,"publicationDate":"2024-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Intelligent Systems with Applications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2667305324001352","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Adversarial attacks are a potential threat to machine learning models by causing incorrect predictions through imperceptible perturbations to the input data. While these attacks have been extensively studied in unstructured data like images, applying them to structured data, such as tabular data, presents new challenges. These challenges arise from the inherent heterogeneity and complex feature interdependencies in tabular data, which differ from the characteristics of image data. To account for this distinction, it is necessary to establish tailored imperceptibility criteria specific to tabular data. However, there is currently a lack of standardised metrics for assessing the imperceptibility of adversarial attacks on tabular data.
To address this gap, we propose a set of key properties and corresponding metrics designed to comprehensively characterise imperceptible adversarial attacks on tabular data. These are: proximity to the original input, sparsity of altered features, deviation from the original data distribution, sensitivity in perturbing features with narrow distribution, immutability of certain features that should remain unchanged, feasibility of specific feature values that should not go beyond valid practical ranges, and feature interdependencies capturing complex relationships between data attributes.
We evaluate the imperceptibility of five adversarial attacks, including both bounded attacks and unbounded attacks, on tabular data using the proposed imperceptibility metrics. The results reveal a trade-off between the imperceptibility and effectiveness of these attacks. The study also identifies limitations in current attack algorithms, offering insights that can guide future research in the area. The findings gained from this empirical analysis provide valuable direction for enhancing the design of adversarial attack algorithms, thereby advancing adversarial machine learning on tabular data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
